• No results found

Network Monitoring as an essential component of IT security

N/A
N/A
Protected

Academic year: 2021

Share "Network Monitoring as an essential component of IT security"

Copied!
8
0
0

Loading.... (view fulltext now)

Full text

(1)

Network Monitoring as

an essential component

of IT security

White Paper

(2)

Contents

Introduction ... Current Situation ... IT Security Across the Globe ... Protect IT Systems ... Early Warning System in the Network ... Monitoring Security Aspects ...

(3)

Introduction

According to a survey by Paessler AG, companies want to increase their

protection against cyber threats and other damage in the future.

Ap-proximately 1,200 users were asked about the application of Paessler’s

software PRTG Network Monitor. The results of the survey show that

75% of these users find the tool to be an important security

compo-nent for their networks. This white paper highlights the role that network

monitoring plays as a supplemental security component in company

networks, where challenges may arise and how these can be resolved.

Current Situation

Studies on IT security show that companies have some work to do in applying preven-tative security measures. Furthermore, cyber criminals are constantly developing more intelligent digital threats, which can be released in various ways.

A 2013 study by 41st Parameter found that two-thirds of Internet users have been victi-ms of cybercrime, with more than 1.5 million new victivicti-ms every day.

The use of mobile devices poses a major threat to corporate IT Security. According to The Trusted Mobility Index, a survey of 4,000 participants from the U.S., U.K., Germany, China and Japan, 41% of respondents using a personal device for work are doing so wi-thout permission of their employer, and one-third of IT professionals said their company had already experienced a mobile-related security threat.

According to figures from the Ponemon Institute, security breaches cost businesses $7.2 million per incident on average, a number that has climbed steadily over the past few years. About 85% of all U.S. companies have experienced one or more data breaches, and of those, more than one-third still have no formal process to handle the next breach. By some estimates, the global damage caused by cybercrime could be as high as $1 tril-lion. That’s why companies today should place a much higher priority on the importance of securing their IT infrastructure.

Many companies assume their IT infrastructure is sufficiently protected by a reliable fire-wall and an up-to-date virus scanner. However, cyber criminals are developing more so-phisticated methods of accessing company computers and servers. Security programs sometimes only recognize released Trojans, worms, etc. after it’s already too late. As soon as the threat has access to one computer in the company network, it’s usually just a matter of time before the entire system has been compromised.

The result is often data manipulation and loss, or takeover of computing capacity for criminal purposes. If the company-internal systems malfunction because of the mal-ware attack, neither business communication between company locations, nor order processing, nor customer communication will function. The administrator is confronted with a time-consuming search for the exact source of the problem. Which components of the security system have failed? Which areas or components have been attacked by malware? Could there be other reasons why single systems have crashed?

In order to avoid such incidents, the complete IT infrastructure should be protected.

IT SECURITY ACROSS

THE GLOBE

(4)

To this end, companies need a comprehensive IT security approach. In addition to firewalls and virus scanners, other measures such as encoding software, data security software, content filters, port scanners and other tools should be part of these systems. Furthermore, in order to guarantee complete network protection, network monitoring should not be left out as a supplementary security measure. Targeted application of this type of solution can significantly raise the level of security in the IT environment.

Early Warning System in the Network

A network monitoring system generally serves to keep track of the entire IT infrastructure with all devices and systems. Administrators can monitor everything that uses a defined interface and delivers status information via standard protocol. The monitoring software must simply establish contact with the device or service using an IP address and can then retrieve the current device status.

This enables the IT department to keep an eye on the status of every area in the IT infrastructure at all times. The goal is to achieve maximum availability and optimum performance in the network. To do this, the network monitoring system must cover three security-relevant aspects:

• monitoring the actual security systems, • identifying unusual occurrences, and • checking environmental parameters.

Companies with multiple locations can use ‘remote probes’ to maintain centralized con-trol of all three categories. A ‘probe’ is a small software program that monitors a remote network from within and sends the monitoring data to the central data server. In this way, a good network monitoring software monitors any number of network components, both in the main network as well as in the individual branches of the company. Components called ‘sensors’ are configured to monitor various parameters on the network devices and connections. In this way, the administrator has the entire network in view from a central location.

FIGURE:

Monitoring multiple locations with „remote probes“

(5)

The monitoring solution’s early warning system is based on relevant, defined threshold values. If these are exceeded, the software sounds an alarm. The administrator is able to maintain permanent connection to the monitoring solution via web interface or smart-phone app and can check any alarms immediately. He can then analyze the extent and severity of the issue and take appropriate action according to the live data from the monitoring.

Monitoring Security Aspects

IT administrators need to be able to react just as quickly to potential malware attacks. If installed antivirus solutions and firewalls don’t discover attacks in time, the damage done can bring all operations to a standstill. By that time, administrators are only able to react to the problems, instead of being able to take proactive measures to prevent problems before they occur. The fact is that firewalls and virus scanners are not always sufficient on their own to guarantee all-around security for the network. Companies that integrate a network monitoring solution in their security strategy are able to discover potential dangers to the company network at early stages.

REGULARLY SCAN FIRE-WALLS

AND VIRUS SCANNERS

FIGURE:

The software monitors the status of the firewall

FIGURE:

Guaranteeing all-around security for the network

(6)

MONITORING PHYSICAL

ENVIRONMENT PARAMETERS

BANDWIDTH BOTTLENECKS AS

PROBLEM INDICATOR

These malicious attacks could have the following effects: the CPU starts programs ran-domly or ports that should be closed are opened. To avoid this, administrators are in-formed of abnormalities in the firewall early on. The monitoring software can also check virus scanners running on the central mail server, for example. This helps companies to make sure that the scanner is constantly active. The monitoring solution uses special sensors to check the Windows Security Center to determine, for example, whether the virus scanners and anti-malware programs on each computer within the company are up-to-date and running seamlessly. This guarantees that client computers are continuo-usly protected against malware as well.

Network monitoring solutions help administrators measure bandwidth for leased lines, network connections, devices (routers, switches), etc. Detailed monitoring of bandwidth usage can also indirectly detect malware attacks. An indication of an attack may be slow response times from applications and websites, caused by a malware program that takes up a lot of the bandwidth. In order to detect these inconsistencies, the monitoring software monitors various IP addresses, port numbers, protocols, etc. via packet sniffing or flow sensors. These flow sensors collect sent data and send them to the monitoring software for evaluation. The administrator can analyze the data and recognize problems early on, and initiate steps to remove the problem.

This type of bandwidth monitoring is especially suitable for networks with high data traf-fic. Unusual influences or activities—for example, malware attacks—can be recognized if the bandwidth usage exceeds defined thresholds or differs greatly from average values and usual fluctuation. In this case, the administrator can use the monitoring software to check which IP address, connection or protocol is using the most bandwidth and react accordingly.

(7)

Analyzing Results

High-quality network monitoring solutions chart the entire monitoring data in reports and concentrate them into graphs or dashboards as well. The software consolidates the identified values of each component and system into easy-to-read reports. Not only are firewall and virus scanner activity sent to the administrator in a report but also service parameters, including current CPU and RAM usage of all servers and computers. In addition, the availability of all network devices is visible for the IT department. The report even includes significant trends regarding network and bandwidth usage. If ne-cessary, the administrator can draw comparisons between current and historical data for various situations. Current values that are worse than historical values show a defi-nite need for optimization. Administrators can discover similar behavior between vari-ous sensors via automatic analysis of monitoring data and can thus identify previvari-ously unknown relationships between individual network components. Analyses of historical data, as well as identification of sensors with similar behavior patterns, are especially helpful for comparison studies in complex networks, in order to study the exact network usage levels and type of usage, and to close potential security gaps.

FIGURE:

(8)

ABOUT PAESSLER AG

Paessler AG leads the industry in providing the most powerful, affordable and easy-to-use network monitoring and testing solutions. The company’s suite of just-right software products deliver peace of mind, confidence and convenience for businesses of all sizes – from Small Office/Home Office (SOHO) to large enterprises, including more than 70% of the Fortune 100 companies. Based in Nuremberg, Germany, Paessler’s global reach includes more than 150,000 active installations of its products. Founded in 1997, Pa-essler AG remains a privately held company and is recognized as both a member of the Cisco Developer Network and a VMware Technology Alliance Partner.

Freeware and Free Trial versions of all products can be downloaded from

www.paessler.com/prtg/download.

Paessler AG

Bucher Str. 79a, 90419 Nuremberg, Germany, www.paessler.com, [email protected]

VAT-ID: DE 217564187

TAX-ID: FA Nuremberg 241/120/60894

Registration: Amtsgericht Nuremberg HRB 23757 CEO/COO: Dirk Paessler, Christian Twardawa Chairman: Dr. Marc Roessel

NOTE:

All rights for trademarks and names are property of their respective owners.

Conclusion

References

Related documents

A statistically significant negative correlation was dem- onstrated in the study cohort between the maternal serum PIGF levels, foetal heart rate (FHR), birth weight and length,

NetCare Workstation includes the management, monitoring and fault-fixing of the email pre-filters, anti-virus/malware packages and successful installation of Microsoft Security

Ada dua rumusan masalah dalam penelitian ini yaitu apa saja jenis kesalahan yang ditemukan dan sumber kekeliruan apa saja yang ditemukan dalam teks recount.. Tujuan

Deep Security Architecture Deep Security Manager Reports Deep Security Agent Modules: • Intrusion Prevention • Firewall • Integrity Monitoring • Log Inspection • Anti-malware

A strong network security monitoring (NSM) solution is perhaps the true definition of defense in depth. NSM looks at data from across the spectrum of the network; from switches

 Host NIC – configured to watch all network traffic flowing on its segment (usually on NSM sensor)..  Serial port tap – physical device which relays serial traffic to

It is evident that most of the environmental issues during the construction phase is related to localized and temporary impacts such as (i) elevated levels of dust, noise,

3.3.1. The insurance company shall pay the costs of medical treatment received from, arranged by or delivered with the cooperation of the designated health care service